From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 0/1] ocaml: Fix CVE-2015-8869 Date: Sat, 30 Apr 2016 14:38:36 -0400 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44111) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1awZnF-0001DP-OX for guix-devel@gnu.org; Sat, 30 Apr 2016 14:39:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1awZn4-0007hq-1G for guix-devel@gnu.org; Sat, 30 Apr 2016 14:39:00 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:42573) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1awZn1-0007dq-PD for guix-devel@gnu.org; Sat, 30 Apr 2016 14:38:53 -0400 Received: from jasmine.lan (c-50-191-78-78.hsd1.pa.comcast.net [50.191.78.78]) by mail.messagingengine.com (Postfix) with ESMTPA id 8A6E7C00014 for ; Sat, 30 Apr 2016 14:38:39 -0400 (EDT) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org This adapts an upstream patch from OCaml to fix CVE-2015-8869. I removed the changes to the files 'Changes' and 'VERSION' since they apply to a more recent version of OCaml. Feedback requested! [0] http://seclists.org/oss-sec/2016/q2/170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8869 Leo Famulari (1): gnu: ocaml: Fix CVE-2015-8869. gnu/local.mk | 1 + gnu/packages/ocaml.scm | 3 +- gnu/packages/patches/ocaml-CVE-2015-8869.patch | 70 ++++++++++++++++++++++++++ 3 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/ocaml-CVE-2015-8869.patch -- 2.7.4